On Mon, Feb 29, 2016 at 2:04 PM, Kevin Long <[email protected]> wrote:
> > > Greetings. > > > I am using the PJSIP driver with TLS transport, and my endpoints are SIP > mobile apps operating in environments that I do not control. > > I would like Asterisk to default to sending INVITES and all other SIP > signals to endpoints via the existing SIP TLS connection which is already > established, rather than trying to create a new TLS connection to an > endpoint which is likely behind a NAT which will not allow a new inbound > TCP/TLS connection. > > > My experience with chan_sip suggest to me that this was the default > behavior, or more likely a fallback behavior, because I never had this > issue before with endpoints not receiving INVITES so long as they were > registered and had an open SIP control connection. > > > I thought that I could avoid these failed outbound connections by > commenting out the “transport” option on my endpoint configurations, but > tcpdump is showing me that asterisk is still trying to create *new* TLS > outbound connections to my endpoints, which are failing. > > > > This was actually an issue in pjproject which I just fixed last week. :) It's in pjproject "trunk" so you'll have to download and build it from their subversion repository. Now whether you use "transport=" or not, pjproject will look for an existing connection to the remote endpoint before attempting to create a new one. I tested it with the current Asterisk 13 branch and I *think* it'll work with recent Asterisk releases as well. If it doesn't, let me know. > Thank you for your time > > Kevin > > > - > > > > > My simple pjsip config file: > > > > > > [transport-tls] > type=transport > protocol=tls > bind=0.0.0.0:5061 > local_net=10.50.55.0/24 > external_media_address=x.x.x.x > external_signaling_address=x.x.x.x > cert_file=/etc/asterisk/keys/dev1.crt > priv_key_file=/etc/asterisk/keys/dev1.key > ca_list_file=/etc/asterisk/keys/ca.crt > cipher=AES256-SHA > method=tlsv1 > > ;===============EXTENSION 6001 > > [6000] > type=endpoint > context=internal > disallow=all > allow=ulaw > ;transport=transport-tls > auth=auth6000 > aors=6000 > direct_media=no > rewrite_contact=yes ; necessary if endpoint does not know/register public > ip:port > ice_support=no > force_rport=yes > rtp_symmetric=yes > media_encryption=sdes > > > [auth6000] > type=auth > auth_type=userpass > password=6000 > username=6000 > > [6000] > type=aor > max_contacts=1 > remove_existing=yes > > > ;===============EXTENSION 6001 > > [6001] > type=endpoint > context=internal > disallow=all > allow=ulaw > ;transport=transport-tls > auth=auth6001 > aors=6001 > direct_media=no > rewrite_contact=yes ; necessary if endpoint does not know/register public > ip:port > ice_support=no > force_rport=yes > rtp_symmetric=yes > media_encryption=sdes > > > > [auth6001] > type=auth > auth_type=userpass > password=6001 > username=6001 > > [6001] > type=aor > max_contacts=1 > remove_existing=yes > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
